description: Students will learn how to escalate privileges using a very vulnerable Linux VM. SSH is open. Your credentials are TCM:Hacker123
🛗 Linux PrivEsc Arena [WIP]
{% embed url="https://tryhackme.com/room/linuxprivescarena" %}
https://tryhackme.com/room/linuxprivescarena
{% endembed %}
| Room Attributes | Value |
| --- | --- |
| Subscription Required | False [Free] |
| Type | Walkthroughs |
| Difficulty | Medium |
| Tags | Security, Linux, PrivEsc |
Task 1 [Optional] Connecting to the TryHackMe network
{% hint style="success" %}
No answer needed
{% endhint %}
Task 2 Deploy the vulnerable machine
Deploy the machine and log into the user account via SSH (or use the browser-based terminal).
{% hint style="success" %}
No answer needed
{% endhint %}
Task 3 Privilege Escalation - Kernel Exploits
Click 'Completed' once you have successfully elevated the machine
{% hint style="success" %}
No answer needed
{% endhint %}
Task 4 Privilege Escalation - Stored Passwords (Config Files)
What password did you find?
Reveal Flag 🚩
🚩???
What user's credentials were exposed in the OpenVPN auth file?
Reveal Flag 🚩
🚩???
Task 5 Privilege Escalation - Stored Passwords (History)
What was TCM trying to log into?
Reveal Flag 🚩
🚩???
Who was TCM trying to log in as?
Reveal Flag 🚩
🚩???
Naughty naughty. What was the password discovered?
Reveal Flag 🚩
🚩???
Task 6 Privilege Escalation - Weak File Permissions
What were the file permissions on the /etc/shadow file?
Reveal Flag 🚩
🚩???
Task 7 Privilege Escalation - SSH Keys
What's the full file path of the sensitive file you discovered?
Reveal Flag 🚩
🚩???
Task 8 Privilege Escalation - Sudo (Shell Escaping)
Click 'Completed' once you have successfully elevated the machine
{% hint style="success" %}
No answer needed
{% endhint %}
Task 9 Privilege Escalation - Sudo (Abusing Intended Functionality)
Click 'Completed' once you have successfully elevated the machine
{% hint style="success" %}
No answer needed
{% endhint %}
Task 10 Privilege Escalation - Sudo (LD_PRELOAD)
Click 'Completed' once you have successfully elevated the machine
{% hint style="success" %}
No answer needed
{% endhint %}
Task 11 Privilege Escalation - SUID (Shared Object Injection)
Click 'Completed' once you have successfully elevated the machine
Reveal Flag 🚩
🚩???
Task 12 Privilege Escalation - SUID (Symlinks)
What CVE is being exploited in this task?
Reveal Flag 🚩
🚩???
What binary is SUID enabled and assists in the attack?
Reveal Flag 🚩
🚩???
Task 13 Privilege Escalation - SUID (Environment Variables #1)
What is the last line of the "strings /usr/local/bin/suid-env" output?
Reveal Flag 🚩
🚩???
Task 14 Privilege Escalation - SUID (Environment Variables #2)
What is the last line of the "strings /usr/local/bin/suid-env2" output?
Reveal Flag 🚩
🚩???
Task 15 Privilege Escalation - Capabilities
Click 'Completed' once you have successfully elevated the machine
{% hint style="success" %}
No answer needed
{% endhint %}
Task 16 Privilege Escalation - Cron (Path)
Click 'Completed' once you have successfully elevated the machine
{% hint style="success" %}
No answer needed
{% endhint %}
Task 17 Privilege Escalation - Cron (Wildcards)
Click 'Completed' once you have successfully elevated the machine
{% hint style="success" %}
No answer needed
{% endhint %}
Task 18 Privilege Escalation - Cron (File Overwrite)
Click 'Completed' once you have successfully elevated the machine
{% hint style="success" %}
No answer needed
{% endhint %}
Task 19 Privilege Escalation - NFS Root Squashing
Click 'Completed' once you have successfully elevated the machine
{% hint style="success" %}
No answer needed
{% endhint %}